[Samba] External Authentication

Rowland Penny rpenny at samba.org
Fri Apr 12 08:31:47 UTC 2019

On Thu, 11 Apr 2019 14:37:58 -0700
Vex Mage via samba <samba at lists.samba.org> wrote:
> I'm just trying to find a way to make Samba4 be useful in some way
> and so far I can find no place for it, let alone any use of it.

Probably because you are still thinking in the past ;-)

> > > I can also think of a convoluted LDAP diff of both systems to
> > > shore up the Samba4 LDAP with the campus LDAP; however, this
> > > script would have to run periodically and I'm currently not aware
> > > whether Samba4 can read the blackbox LDAP password encryption
> > > type.
> > I have heard of some convoluted ways of doing things, but yours just
> > might be the strangest ;-)
> Thanks, if Samba worked like it used to perhaps one wouldn't have to
> think so far out of the box and we could just get things done?

Samba still can work like it used to, but I wouldn't advise it,
NT4-style domains are a bit like Zombies, they work now, but for how
long? Microsoft has broken them twice by 'accident'.

> No, I really have no problem with that. It would be perfectly fine to
> upgrade if Samba4 was as flexible as Samba3. There's nothing legacy
> in this network except for Samba. We're being held back because of
> the Samba.

No, it sounds more like you are holding back Samba.

> The problem is that there is no apparent upgrade path for the old
> system. The cornerstone of this deployment is that there's an
> existing centralized authentication server; however, Samba4 seems
> to want a paradigm shift so that it becomes the princess of its own
> castle. It seems to me that it has become the very thing that birthed
> its creation, a monster that wants to strand its user base into its
> own proprietary system.

It isn't its own proprietary system, it is a take on Active Directory.

> All I'm trying to do is to make Windows play
> nice with an existing open source authentication server but all I'm
> hearing from the Samba project are vain, and to be quite frank very
> condescending tones about switching all authentication to its AD
> server. In my opinion the Samba project has devolved since I've last
> had to work with it and it has become inflexible and passé. I do not
> think that there will be a place for Samba if Microsoft continues to
> extend its offering to the open source community. I didn't want to
> believe my compatriots about the Samba4 issue. I feel like the
> terrorists have already won.

The problem is not that Samba has become inflexible, it is that the
world has moved on and Windows clients now expect AD. Samba had to
move to AD or just die. If you do not believe me when I say that the
days of the NT4-style domains are over, try and find the smbldap-tools
webpage, which you won't. All it needs is for Perl to do a Python and
smbldap-tools will stop working.

Unless you want to wake up one morning (probably about 1am in response
to a phone call) to find nothing works any more, then I suggest that you
seriously consider upgrading.

> I really do appreciate that you took your time to reply but
> everything you have said has been vapid, the mantra of a dead
> rhetoric. Thank you for at least trying. Have a great day.

They say the truth hurts and you sure sound hurt. From what you have
posted, it sounds like you are using a PDC for authentication, you can
easily upgrade this to AD.


